From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+112388+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 209FAAC0E1D
	for <rebecca@openfw.io>; Tue, 12 Dec 2023 10:43:07 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=C5x8wN9+wGHQwuqGycmMiosx5Liqg5tE4eEeQ/HIpTc=;
 c=relaxed/simple; d=groups.io;
 h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type;
 s=20140610; t=1702377786; v=1;
 b=r1dHFLCPkt1JJTzN7WONyLqf2d5o4PbZiQUXUzed/faYGaBLsVtP7yVVP8MXWZfe5FqoEqh7
 baQFap8FYRWBa+i1upz/rwy9cikG5kdED6hckDufAzYTsT4/zsWS3LpTVX8hCte6gGwwKvJ9RmD
 PLseqEd+uvH6JWXIQ0IwFPtA=
X-Received: by 127.0.0.2 with SMTP id WBHeYY7687511xVdSE2Lkejr; Tue, 12 Dec 2023 02:43:06 -0800
X-Received: from sin.source.kernel.org (sin.source.kernel.org [145.40.73.55])
 by mx.groups.io with SMTP id smtpd.web11.13815.1702377785914855462
 for <devel@edk2.groups.io>;
 Tue, 12 Dec 2023 02:43:06 -0800
X-Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by sin.source.kernel.org (Postfix) with ESMTP id 8502CCE17AC
	for <devel@edk2.groups.io>; Tue, 12 Dec 2023 10:43:02 +0000 (UTC)
X-Received: by smtp.kernel.org (Postfix) with ESMTPSA id C3D92C433CA
	for <devel@edk2.groups.io>; Tue, 12 Dec 2023 10:43:01 +0000 (UTC)
X-Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2c9f4bb2e5eso76044351fa.1
        for <devel@edk2.groups.io>; Tue, 12 Dec 2023 02:43:01 -0800 (PST)
X-Gm-Message-State: IFyTAOavs1XM7lVYDN1OhX9rx7686176AA=
X-Google-Smtp-Source: AGHT+IFe2H8DnjOFzUoS96yh0IXMa9hOkJCnZcLiHG096L5VUJ5SWYQg1B7yA5eClF6ZxHuryGLUF/XwahpyKXmdIzY=
X-Received: by 2002:a05:651c:1994:b0:2cc:1da8:2189 with SMTP id
 bx20-20020a05651c199400b002cc1da82189mr1851313ljb.31.1702377779952; Tue, 12
 Dec 2023 02:42:59 -0800 (PST)
MIME-Version: 1.0
References: <20231212083600.1889189-1-ardb@google.com> <cw4pqw72fvu4a4jm5zlcbiclg522taxxxptubcmkucpe2b7o2g@fuylonecmgkv>
In-Reply-To: <cw4pqw72fvu4a4jm5zlcbiclg522taxxxptubcmkucpe2b7o2g@fuylonecmgkv>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Tue, 12 Dec 2023 11:42:48 +0100
X-Gmail-Original-Message-ID: <CAMj1kXFf8z+g=A-mKE29PJh4azDGSZDby4vzedVfthHkeTLDUw@mail.gmail.com>
Message-ID: <CAMj1kXFf8z+g=A-mKE29PJh4azDGSZDby4vzedVfthHkeTLDUw@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v4] ArmVirt: Allow memory attributes protocol to be disabled
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: Ard Biesheuvel <ardb@google.com>, devel@edk2.groups.io, 
	Oliver Steffen <osteffen@redhat.com>, Alexander Graf <graf@amazon.com>, 
	Oliver Smith-Denny <osde@linux.microsoft.com>, Taylor Beebe <taylor.d.beebe@gmail.com>, 
	Peter Jones <pjones@redhat.com>, Leif Lindholm <quic_llindhol@quicinc.com>, 
	Laszlo Ersek <lersek@redhat.com>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,ardb@kernel.org
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Type: text/plain; charset="UTF-8"
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=r1dHFLCP;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=kernel.org (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io

On Tue, 12 Dec 2023 at 11:08, Gerd Hoffmann <kraxel@redhat.com> wrote:
>
> On Tue, Dec 12, 2023 at 09:36:00AM +0100, Ard Biesheuvel wrote:
> > From: Ard Biesheuvel <ardb@kernel.org>
> >
> > Shim's PE loader uses the EFI memory attributes protocol in a way that
> > results in an immediate crash when invoking the loaded image, unless the
> > base and size of its executable segment are both aligned to 4k.
> >
> > If this is not the case, it will strip the memory allocation of its
> > executable permissions, but fail to add them back for the executable
> > region, resulting in non-executable code. Unfortunately, the PE loader
> > does not even bother invoking the protocol in this case (as it notices
> > the misalignment), making it very hard for system firmware to work
> > around this by attempting to infer the intent of the caller.
> >
> > So let's introduce a QEMU command line option to indicate that the
> > protocol should not be exposed at all, and a PCD to set the default for
> > this option when it is omitted.
> >
> >   -fw_cfg opt/org.tianocore/UninstallMemAttrProtocol,string=y
>
> Tested-by: Gerd Hoffmann <kraxel@redhat.com>
> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
>

Thanks all - I've queued this up now.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#112388): https://edk2.groups.io/g/devel/message/112388
Mute This Topic: https://groups.io/mt/103126734/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-